Court Says College Can Snoop On Students' Email

from the no-privacy-violation dept

There have been plenty of cases where courts have said that it's okay for an employer to snoop on (employer-provided) employee email accounts. And now there's a case saying basically the same thing for colleges and universities. As long as they provided the email system, there's apparently no violation of anti-snooping or data privacy laws. I definitely understand the reasoning here, though one might argue that the relationship between a student and a university is quite different than an employee and employer. And I could see how students might have a much higher expectation of privacy. Still, do students really use university email addresses any more, or do they have their own primary email accounts that they had before heading off to school?

I assume that the student is charged an appropriate fee for use of said email system and therefore it is not the same as employer provided email. What's next ... ISPs are allowed to snoop on the email system they charge for?

Re: still use mine

I believe just about every school still provides an email address for each student. I suspect since the schools are sending important info, class schedules, etc via email now, they gain some cover against claims of not receiving it if they control the entire email infrastructure. If the kid is forwarding his campus email off to Gmail and didn't get the notice that a test time changed, it's not the schools problem since they did deliver the notice to his campus email address.

Re: Re: still use mine

I use mine for private email. It's just easier because all school related emails go there. I have about 5 email accounts all together. I have a spam account, and a generic private email, though that one's become cluttered with enough spam from accounts Ive signed up for that I didn't want to bother clearing it out. It was just easier when I got my school email to just start over with that one.

Being a student is not the same

Employers pay people to be there and provide email as part of the paid job.
Students are not employees and pay to be there, email is part of the paid for service and should thusly have a client /provider privilege of privacy.

Same relationship?

I don't agree that Uni/Student is the same as Employer/Employee.

First, and obviously, I paid the Uni to go there... I wish it had been the other way.

Second, would the Uni be responsible for my actions? I know that Employers bear some responsibility for the actions of employees while in the course of business. But if I use my Uni-provided account to break the law (infringing, defamation, etc.), would the Uni be held responsible? And I mean actually held responsible, not just accused and included on a lawsuit only to be dismissed later.

While the fact that the Uni is providing that email service means they may have some standing of "well, it's our service, we're just letting you use it" to justify snooping, I don't think it's the same area as the Employer/Employee fight.

the community college I go to (yes, community college) *requires* use of a student email system (based on outlook online, I think. Doesn't work with Chrome on Linux, is all I know). Frankly, I have gmail hooked into it to pull messages and to send as that email address because the school requires all school related communication must be from your college supplied email address.

I do not, under an circumstances have that email account send anything even barely personal. It is for school and only for school.

colleges and email

I worked for my college's info systems tech desk...the school had the students pay a technology fee, which covered their use of the entire network, as well as basic troubleshooting. part of that technology fee was the email system. Students were not mandated to pay the fee, but without it, they would miss out on the vast majority of teacher-sent emails and college sponsored emails.

most colleges that I know of will not send emails out to a private address unless required to do so by law or some other special circumstance.

I would not be shocked in the long run to find that the owner of a domain can pretty much check whatever goes through their property. This isn't the US mail, there isn't any expectation of privacy. You give it to someone to give it to someone else.

Re: Re: still use mine

Just Amazon and one bank account. My entire purchase history is in there along with several bank account notifications. It wouldn't tell any snoopers who I am having sex with, where my dope is stashed, or what I really think of my profs, but It does show that I got a really sweet deal on light bulbs in may and where I transferred my financial aide money.

Re: The logical conclusion

Nah... if we get that 'open', they'll just introduce new regulations we would have to comply with that would include oversight into what gets sent. If you want to avoid snooping, you may as well drive over to the recipient's house and have a quiet conversation inside with a white-noise generator going and cover your lips while you talk.

alumni use college email too

I know lots of folks who use--encouraged by the alumni office--their uni email addresses as alumns. That truly expands the universe for university email snooping. And honestly, how do they have the time?

Universities (I was a university administrator) provide students with email addresses (at no direct charge, usually) so they can communicate with the student body. The Registrar, Department Heads and Deans published schedules and announcements that way.

Students, however, do harass each other and send inappropriate messages to each other, so the university receives complaints about these and resolves them by "spying". What they do on private external accounts is their business. What they do on the university system can put at risk the reputation of the university.

As long as they provided the email system, there's apparently no violation of anti-snooping or data privacy laws.

The fact that the school provided the system was only relevant to the SCA claim. The privacy claims were dismissed for other reasons. Perhaps you should actually read the case and understand the law before blogging about it. I know, I know. That's not going to happen.

I definitely understand the reasoning here, though one might argue that the relationship between a student and a university is quite different than an employee and employer. And I could see how students might have a much higher expectation of privacy.

Re:

"What they do on the university system can put at risk the reputation of the university."

See... this is where I have a problem with the whole thing. First, let me say I understand the need for a good reputation for universities (DUKE SUCKS!). A lot of their ability to attract attendance (and thus money) comes from that reputation. I get that.

With that said... who the hell cares about what students say to each other? It's email. This is a few students talking to each other in a way that's not polite in society's view. And?

You know what would garner more respect from me? A university that looks at a harassing string of email calling a student a Jew (derisively) and tells that student "stop opening the emails" and moves on to more important things, like the quality of education and rising costs of tuition and/or the Great Book Racket.

And if there are a bunch of emails flying around 'hurting people's feelings'... did I miss the part where college students weren’t freakin adults? Do they need hand-holding and a widdle hug to tell them everything is going to be ok every time someone makes fun of them? Seriously? So instead of preparing young adults for the world that awaits, it’s now part of the university’s job to further shelter them so that nothing ever hurts them?

If universities start taking that job of life-preparation seriously again, maybe people outside the university-sphere (like me) will care about university reputation.

1. There are public (US concept of public) schools where the student pays to attend. The e-mail system at these schools is owned by government just as the school is.

2. There are private (US concept of private) schools where the student pays to attend. The e-mail system at these schools is not owned by government or the students.

3. There are public schools where the student is paid to attend (West Point being one such). The e-mail system at these schools is owned by government just as the school is and the students are government employees.

4 There are private schools where the student is paid to attend. This is especially true of company owned and managed training schools. The e-mail system at these schools is not owned by government or the students.

It is ludicrous to think that the law in each of the above situations is the same or that the students have the same rights and privileges.

My take on things

Based on the link provided, the student in question was displaying threatening behavior through the email.

This seems less like a University being able to snoop in their student as much as an email provider being able in investigate threats against its own employees.

Normally, when an employee is threatened, the company in question would find all technical data involving the threat, then see about getting a court order from the email provider from which the email originated.

In this case, the company had full access to all relevant data and was able to skip over forcing another company, via court order, to hand over data.

There wasn't a whole lot of data provided and it really depends on the level of threat.

Required

I had to have, and use the university supplied e-mail for a number of their services, but what it did allow me to do is set a rule to auto-forward all incoming e-mails to a pre-determined alternate that I controlled. If I received something important I would get it, and I would reply from my alternate e-mail. From that reply all of my teachers or other students would then e-mail me directly. All told I only logged in using that e-mail address maybe 4 times unless you count the grading system or online class portal.

Re: Re: The logical conclusion

Nobody Uses University Provided Email

Nobody uses their university's provided email system anymore. The only reason they get used is when they have to verify they are a student with a .edu email address (Amazon's one free year of Prime for students). All the universities that I'm familiar with, including the one I attend, have email forwarding set up. All my .edu emails get forwarded to my GMail account. While I can see why this would cause an issues, I don't think it's as big as it would have been 10 years ago.

Re: encryption

Not universally usable...

Neither is internet email, anymore. Spam killed the early, hoped-for promise of universal email connectivity. Now the only “universal” is that some spam will get through the filters—and some desired email will be lost in the spam filters.

I understand the younger kids look at email as old-folks' tech, anyhow.

Some people have to use college email systems. My community college not only gives you an email address but will only send things to that email address and will only respond to students if they send it from that email address.

I just graduated here in the UK, and while plenty of very important email was sent through the official university email service, I don't think anyone used that trashy website for anything else.

On topic of Employee-Employer vs Student-University relationships, its something I've never really understood and just accepted. As a student I was paying quite large fees for education, and the university was monitoring my internet usage and claiming the rights to all of my intellectual property (like an employer). Surely we are the employers, or at least just customers, whom have rights to privacy and self enterprise?

Re: Re: Re:

Exactly. It's going to be something resembling impossible to properly troubleshoot email routing without indecently seeing some parts of normal email. It's very unrealistic to expect that the administrator of the system you are using never to see the contents of your email if you don't encrypt it.

Um...

Sorry. Last I checked, my $40,000 a year that I'm paying for tuition helps keep the school afloat, and therefore, entitles me to have a snoop-free, university e-mail account. For them to think otherwise is as ridiculous as American seniors thinking they are entitled to Social Security and Medicare. Oh... wait...